Login

Guidelines for Publishers and Advertisers

The service provided by Transactionale and the purpose of this document

Transactionale is an innovative eCommerce cross-network advertising service by which Publishers and Advertisers can
establish convenient links and interactions with the public.

Let us imagine that a user orders a product from a Publisher’s website; once the purchase is concluded,
Transactionale sends him a communication containing discounts, offers and promotions which are associated with the
purchase, and related to other products and/or services distributed by other members of the Transactionale network
(los Anunciantes). Besides, if such user provides their consent, some of their data may be communicated to the
Advertiser, so allowing the further sending of commenrcial communication.

As you can appreciate, such operations involve the processing of personal data with consequent obligations pursuant
to the applicable data protection laws.

Who is responsible for complying with such laws, what is the content of these obligations, and what shall be done in
order to act as the law requires? These are the questions we are going to answer on the next pages.

The data controller

The Publisher receives, via the relevant e-commerce platform, some personal data from its users.

The personal information received may be subject to several processing operations for different purposes, such as
analytics, profiling, advertising etc. Each processing operation can be carried out directly by the Publisher,
acting as a Data controller, or by external entities who act on its behalf, as Data processors.

Transactionale belongs to this category of third parties as Flyer tech is the provider of the technological solution
through which the Service is delivered; in other words we act as an external Data processor on behalf of our
clients.

As a consequence, each Publisher, as Data controller, has to provide their client with a comprehensive privacy policy
which accurately describes data processing operations (included but not limited to those associated with
Transactionale). In this role, the Publisher shall also implement adequate modalities for collecting users’
consent.

The privacy policy essentials

Any privacy policy should describe who processes data, how and why. It's an essential document that allows its
readers to understand the methods of the processing and, as a consequence, express their informed, free and
therefore legally valid consent. This is exactly the reason why, in our T&C, we ask our Clients to provide their
users with the appropriate information on data processing, as required by the law.

For example, if you use Transactionale, your privacy policy should provide explanations about the service and the
promotional communications delivered through it. This document should also describe the technologies used for the
collection of data and inform its readers on how to opt-out from these technologies.

We have asked iubenda, a company specialised in drafting privacy and cookie policies, to provide us with a
description of our services ideally targeted at integrating our Clients’ privacy policies

Transactionale

Transactionale is a cross network advertising service provided by Flyer Tech S.r.l. The service uses some User's
Personal Data (such as name, surname, interests, purchases, email address, etc.) to send promotional
communications
concerning third party products of providers belonging to the same network.
Such offers will always be linked with the product actually purchased by the User.

However, as our clients are well aware, Transactionale has further features which allow the circulation of users’
data among the members of the network. More precisely, if the client provides its consent, data initially held by
the Publisher may be communicated to the Advertiser and so allow the latter to directly send promotional
communications concerning its products (without asking for another consent to do so).

This is a textbook case of data communication to third parties. Such activity must be explained to – and be priorly
accepted by – the Visitor. Here is iubenda’s suggestion:

Data Communication to third-parties through Transactionale

The Owner may create databases by using the User's Data and/or second-level data deriving from analytics or
profiling
activities.

If the User purchases a product on our website and expresses their consent, the Owner may use Transactionale to
communicate the previously mentioned Data to third parties whose products the User has expressed interest in.
Such
third parties may use Data to send promotional communications to the User.

The User can revoke their consent at anytime by simply sending an email to the contact details indicated in this
document or, if communications to third party have already occurred, by directly contacting such third
party.

The consent

After having informed its users (by means of a privacy policy), the Publisher must request – and obtain – their
consent, not only a generic one (“I accept the Privacy policy of the Service”) but also the distinct and different
consents associated with particular types of data processing: profiling, newsletter, DEM, data communication to
third parties, etc.

These particular data processing activities must be accepted specifically. For example, the use of Transactionale
implies the sending of DEM communications.

In this regard, the hypothetical check-boxes that the Publisher should devise for requesting such consents may be as
follows:

“I have read and therefore accept the privacy policy and the terms and conditions of the Service”

I authorise the Owner (or third parties appointed to do so) [i.e., Transactionale] to analyse my preferences and
make predictions on my choices, in order to receive commercial and/or promotional communications consistent with
my interests

As you can see, the previous list does not include the consent required for data communication to the Advertiser,
which can be postponed until it is really necessary (i.e. until the visitor has access to the offers). In order to
accomplish this, the Publisher may, for example, use a pop-up window containing a message like this:

“I accept that my Data will be communicated to third parties whose products I have expressed interest in. I hereby
authorize such third parties to send me promotional and commercial communications regarding their products and/or
services (optional)”.

As a general rule, check-boxes shall never be pre-flagged (otherwise the consent will be deemed invalid). Lastly, no
matter how you choose to request the consent (through a check-box or a pop-up window etc.), it is of the utmost
importance that Publishers keep track of the consent obtained. You should always register Users' consent in a manner
that is safe and make consent easy prove in case of inspections or verifications.

In short

In conclusion, the Publisher should:

describe the processing activity and specifically inform the users on the activities carried out by
Transactionale. In this respect, iubenda's Privacy policy generator contains ad-hoc clauses, such as those
regarding advertising activities through Transactionale. Other clauses deal with the Data communication to
Advertisers operated by the Service;

before starting the processing of any personal data, collect the user’s consent. According to the general
principle which states that no formalities are required in choosing the modalities for consent collection, the
technical methods may be different (check-boxes, pop-up windows, etc.), provided that they are suitable for
obtaining a legally valid consent (i. e. that has the characteristics referred to in art. 23 of the Privacy
Code);

provide at the bottom of each promotional email the Publisher's company data, instructions for changing the
sending settings (e. g. from daily to weekly or vice versa) and a link to cancel the registration (Opt-out).

What to do next?

You can hire a lawyer, try to write your privacy policy on your own, or use the iubenda privacy policy generator.

This last option will help you to simply the process of identifying the categories of data used by your service. Once
the data have been identified, it will then be possible to enter the services you use, which are always provided
with specific descriptions of their features. The clause relating to Transactionale is a Pro service that you can
easily access to if you open a premium account.

At the end of this simple process, you will have at your disposal a complete and always updated privacy policy, which
fully implement and describe the service provided by Transactionale.